Two banks that took legal action against Target over its recent data breach have withdrawn their claims, apparently due to an erroneous allegation against a security vendor also named in the suit.
Green Bank of Houston filed a notice of dismissal Monday in the U.S. District Court for the Northern District of Illinois, effectively saying it will no longer pursue the claim. Trustmark National Bank of New York made a similar filing Monday.
The banks had alleged that Target's data breach occurred because it failed to meet industry standards to protect payment card data. Also named as a defendant was Trustwave, a security company that specializes in payment card compliance.
Green Bank and Trustmark complained in the suit that U.S. banks have already spent US$172 million replacing compromised payment cards. The lawsuit asked for unspecified compensatory and statutory damages.
However, on Saturday Trustwave CEO Robert J. McCullen wrote in a letter that Target had not outsourced its data security or its IT obligations to Trustwave. "Trustwave did not monitor Target's network, nor did Trustwave process cardholder data for Target," he wrote.
It's not clear from the lawsuit why the banks thought Trustwave had provided that service for Target. Their suit alleged that Trustwave had scanned Target's network on Sept. 30 but found no vulnerabilities.
Lawyers for Trustmark National Bank and Green Bank did not respond to emails over the weekend and could not be reached by phone late Monday.
The lawsuit is just one of dozens filed against Target, which lost 40 million payment card details and 70 million other personal records in one of the largest data breaches in history.
Target executives have been called to testify several times before Congress. The company has said it believes attackers stole the data between Nov. 27, 2013, and Dec. 15, 2013, via malicious software installed on point-of-sale devices.
Sign up for Computerworld eNewsletters.